eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/changelog.d
History
Erich Blume 07fb48626d Add Authentik SSO integration for Jellyfin (#239) 
## Summary
- Add Authentik OIDC provider + application for Jellyfin via blueprint (all authenticated users allowed, no policy binding)
- Wire `jellyfin-client-secret` through ExternalSecret and Authentik worker deployment
- Install [jellyfin-plugin-sso](https://github.com/9p4/jellyfin-plugin-sso) v4.0.0.3 via Ansible, with OIDC config template
- Authentik `admins` group maps to Jellyfin administrator role
- Local login left enabled; SSO is additive

## Deployment and Testing
- [ ] Sync ArgoCD `authentik` app on branch — verify provider + application appear in Authentik admin
- [ ] `mise run provision-indri -- --tags jellyfin --check --diff` (dry run)
- [ ] `mise run provision-indri -- --tags jellyfin` (deploy plugin + config)
- [ ] Test SSO flow: `https://jellyfin.ops.eblu.me/sso/OID/start/authentik`
- [ ] Verify `eblume` account auto-links via `preferred_username` match
- [ ] Verify admins group → Jellyfin admin
- [ ] Reset ArgoCD app revision to main after merge

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/239
2026-02-21 20:05:44 -08:00
..
.gitkeep Add towncrier changelog system (#86) 2026-02-03 11:48:13 -08:00
add-container-versioning-prereq.infra.md Add commit-based container tagging prereq to harden-zot-registry chain (#230) 2026-02-20 18:26:27 -08:00
feature-agent-change-process.feature.md Add agent change process (C0/C1/C2) and docs-mikado tool (#225) 2026-02-20 08:15:20 -08:00
feature-authentik-mikado-chain.infra.md Convert deploy-authentik plan to C2 Mikado chain (#226) 2026-02-20 08:22:19 -08:00
feature-deploy-authentik.feature.md Deploy Authentik identity provider (C2 Mikado) (#227) 2026-02-20 12:55:59 -08:00
feature-forgejo-authentik-oidc.feature.md Integrate Forgejo with Authentik OIDC (#228) 2026-02-20 17:39:50 -08:00
feature-jellyfin-authentik-sso.feature.md Add Authentik SSO integration for Jellyfin (#239) 2026-02-21 20:05:44 -08:00
harden-zot-registry.feature.md Adopt commit-based container tags (#232) 2026-02-20 22:56:20 -08:00
plan-deploy-authentik.doc.md Add Authentik deployment plan (#224) 2026-02-20 07:06:56 -08:00
register-zot-oidc-client.feature.md Register Zot as OIDC client in Authentik (#236) 2026-02-21 08:45:06 -08:00
wire-ci-registry-auth.feature.md Docs pass: update zot Mikado chain for completion 2026-02-21 15:32:34 -08:00